Selected GRC & Cybersecurity Projects

A snapshot of the governance, risk & compliance work I’ve led across vendor risk, ISO 27001 readiness, compliance tracking, and security governance projects.

Global Retailer – Third-Party Risk Management

Designed a practical TPRM framework with vendor inventory, criticality tiers, and due diligence mapped to PCI DSS, ISO 27001 and SOC 2, plus a 5-week rollout roadmap.

Energy & Utilities Multi-Framework Compliance Tracker

Built a centralized tracker to manage renewals and evidence across PCI DSS, SOC 2, ISO 27001 and vendor certifications, improving audit readiness and reducing missed renewals.

End-to-End Third-Party Risk Management (ServiceNow TPRM)

Executed a full third-party due diligence lifecycle in ServiceNow, including onboarding, inherent risk tiering, risk-based assessments, issue management, and closure aligned to OSFI B-10, ISO 27001, and SOC 2.

SaaS Provider – ISO 27001 Readiness Assessment

Performed a readiness review against ISO/IEC 27001:2022, mapped controls to existing processes, identified high-risk gaps, and built a phased remediation plan with clear ownership.

Enterprise GRC – Risk Register & Metrics Dashboard

Developed a risk register and dashboard combining key risks, control status, and remediation progress to support clearer prioritization and senior leadership reporting.

Security Incident Response (SIR) Workflow Build – Access Control & TLP Enforcement (ServiceNow)

Built and validated a Security Incident Response workflow in ServiceNow, enforcing escalation, playbook-driven response, and TLP-based access control for sensitive incidents.
